Financial Times reports that the GSM A5/1 encryption has been cracked at a competition during the 26C3.
The *actual* A5/1 algorithm was initially proprietary and only published to industry members. Over time the cipher was reverse-engineered into a functionally identical algorithm and several flaws were found with both it and the original.
The practical implementation of this weakness relies on two pieces - the first is the actual A5/1 rainbow tables which seem to now be fairly easily computable into a 3TB dataset.The second involves the actual RF hardware necessary to communicate and process calls with the handsets as a clandestine base station.
“The reality is that a practical attack is beyond the capabilities of the vast majority of people” -- James Moran, security director of the GSMA. [link]
If this is the stumbling block to easy exploitation, then projects like OpenBTS, USRP and SDR in general should be getting a lot of traffic right now...
Monday, January 4, 2010
Thursday, December 24, 2009
Military Video Feed Hacking
If you haven't been paying attention to the Military Tech. blogs lately you may have missed The Wall Street Journal scoop of insurgents hacking US video feeds from surveillance drones. Unencrypted transmissions in the ROVER system leads to eavesdropping of the video feeds from Predator and Reaper drones.
According to WSJ sources, back in 2008 insurgent laptop(s) were recovered with files containing drone feeds and a commonly obtainable software package called Skygrabber. Mix in some off-the-shelf electronics and you have your own portable ELINT station.
Initially DoD representatives tried to downplay the incident stating that the video feeds did not contain classified information of use to the individuals. A PDF posted to the Full Disclosure mailing list indicated that at least GPS coordinates were contained as Metadata in the video feeds.
(side note: adding in the recent problems the TSA has had with PDF's and it's starting to look like nobody at the defense departments understands this whole "Metadata" thing...)
Plugging in the coordinates from the preceding image you get a location near the border of Nogales Mexico, a popular location for border patrol drone operations. Seems confidential enough to me...
According to WSJ sources, back in 2008 insurgent laptop(s) were recovered with files containing drone feeds and a commonly obtainable software package called Skygrabber. Mix in some off-the-shelf electronics and you have your own portable ELINT station.
Initially DoD representatives tried to downplay the incident stating that the video feeds did not contain classified information of use to the individuals. A PDF posted to the Full Disclosure mailing list indicated that at least GPS coordinates were contained as Metadata in the video feeds.
(side note: adding in the recent problems the TSA has had with PDF's and it's starting to look like nobody at the defense departments understands this whole "Metadata" thing...)
Plugging in the coordinates from the preceding image you get a location near the border of Nogales Mexico, a popular location for border patrol drone operations. Seems confidential enough to me...
Tuesday, December 15, 2009
MSFT "COFEE" needs microwaving...
I hardly lifted an eyebrow last month when Crunchgear discovered that Microsofts uber-secret forensic tool COFEE (note the singular "F") was leaked on the P2P sites. Primarily because, from my experience, these situations have been largely over-hyped. This circus has proved no different...
I finally got around to looking closer at this software today and am, once again, shaking my head at the amount of mis-information involved. The application itself appears to be nothing more than a wrapper for many tools which are commonly installed on windows by DEFAULT. Gizmodo gets the "FUD-of-the-week" award for the explanation of arp.exe, nbtstat.exe and net.exe as "super-illegal for the average Joe to use" -- GIVE ME A BREAK!
Bottom line: I was hoping MSFT let loose something exciting with this slip. Sadly though, it looks like the investigators are being left just as far in the dark as they always have. While providing a quick-and-easy method to generate report data, the tool doesn't go much farther beyond what a person could already do on their own with some fancy batch scripting.
Tuesday, December 8, 2009
PCB Etching at home...
It's been awhile since I've posted anything (hobbies took a back seat to working and family) but I just now got around to reading a great post over at the GetLoFi website on "How We Make Circuit Boards"
They do a great job of showing the process from start to finish and it ends up being 99% similiar to the way I have done it. (and had great success with) I even picked out a couple small improvements that I think will help on my next round of homebuilt PCB's.
Go watch and try it out!
They do a great job of showing the process from start to finish and it ends up being 99% similiar to the way I have done it. (and had great success with) I even picked out a couple small improvements that I think will help on my next round of homebuilt PCB's.
Go watch and try it out!
Monday, June 1, 2009
DatalossDB Winners Announced!
The Open Security Foundation's DatalossDB contest winners were announced this morning and I took 2nd place. They have a good write-up of the entries (of which, some were pretty humorous) and contain all the nitty-gritty details of the contest and their entries. If you are interested, go take a look. I was very impressed with how close the results were considering there was only one year separating myself from the 3rd place winner. But in the end, a little luck never hurts...
Subscribe to:
Posts (Atom)
Posts
